Posted by timothy on Tuesday February 16, 2016 @09:26AM from the talk-about-localization dept.

itwbennett writes: MazarBOT, a malware program that can take full control of Android phones, appears to be targeting online bank accounts. The malware has been seen advertised on Russian underground forums in the last few months and surfaced over the weekend. '[On] Friday, a swarm of SMSs were sent to random phone numbers in Denmark and likely elsewhere. The content of the SMS had the purpose of luring the recipient into clicking the provided link, which would serve up a malicious APK,' wrote Peter Kruse, an IT security expert and founder of CSIS Security Group. One interesting feature: 'MazarBOT will stop installing itself if it detects an Android device that is running within Russia,' writes Jeremy Kirk.
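The lure described in the summary is a short SMS pushing the recipient to tap a link that serves an APK. The following triage script is an added example, not code from the article or from CSIS; it scores constructed sample messages on the traits such a lure tends to have (a link at all, a link whose path ends in `.apk`, a URL shortener that hides the destination, plain HTTP, bank or delivery wording) so that a fleet or gateway operator can rank what to look at first. The shortener list, the lure vocabulary, the weights and the sample messages are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample SMS traffic as (sender, body); none of these are real lures.
# The first two mimic the pattern described above: a short text that pushes the
# recipient to tap a link leading to an APK download.
SAMPLE_SMS = [
    ("+45 00 00 00 01", "You have received a picture message. View it: http://mms-viewer.example/view.apk"),
    ("+45 00 00 00 02", "Your bank account has been locked. Verify now: http://bit.ly/x7Gk2q"),
    ("+45 00 00 00 03", "Hi, still on for 6pm tonight?"),
    ("+45 00 00 00 04", "Your package is waiting: https://track.example/status?id=42"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Shortener hosts hide the real destination from the recipient (assumed list).
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}
# Wording typical of the lures discussed (assumed; extend per campaign).
LURE_WORDS = ("bank", "account", "verify", "locked", "picture message", "package")


@dataclass
class Verdict:
    sender: str
    text: str
    score: int = 0
    reasons: list = field(default_factory=list)


def score_sms(sender: str, text: str) -> Verdict:
    """Assign a heuristic risk score to one SMS; higher means more lure-like."""
    v = Verdict(sender, text)
    urls = URL_RE.findall(text)
    if not urls:
        return v  # no link: nothing to tap, nothing to sideload
    v.score += 1
    v.reasons.append("contains link")
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if path.endswith(".apk"):
            v.score += 3  # the link serves an installer directly, as in the campaign above
            v.reasons.append("direct APK download")
        if host in SHORTENERS:
            v.score += 2
            v.reasons.append("shortened URL hides destination")
        if parsed.scheme == "http":
            v.score += 1
            v.reasons.append("plain HTTP")
    lowered = text.lower()
    if any(word in lowered for word in LURE_WORDS):
        v.score += 1
        v.reasons.append("lure wording")
    return v


def triage(messages, threshold: int = 3):
    """Return the verdicts at or above the threshold, highest score first."""
    verdicts = [score_sms(sender, text) for sender, text in messages]
    flagged = [v for v in verdicts if v.score >= threshold]
    return sorted(flagged, key=lambda v: v.score, reverse=True)


if __name__ == "__main__":
    for v in triage(SAMPLE_SMS):
        print(f"{v.score:2d} {v.sender}: {', '.join(v.reasons)}")
```

With the sample data the two lure-style messages score 6 and 5 and are flagged; the delivery notice scores 2 (a link plus "package") and stays below the threshold, which is the point of scoring rather than matching on any single trait.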

Why is it that so much malware and online crime comes from Russia? The country simply refuses to police themselves, even when things are obviously illegal. The overall effects are pretty severe to other countries. I'd support sanctioning Putin directly to prevent him from entering the EU. Then I'd also effectively cut them off from the internet by terminating any wired links between them and the EU while dropping all connections coming from IPs assigned to entities in Russia. Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

Putin's going to need asylum eventually. The whole reason he's causing trouble in Ukraine and Syria is that he's incapable of improving either Russia's or Russian's situation. He's trying to counter with the "you're under attack, rally under my banner, I'm kinda tough guy" gambit. It's backfiring due to the resulting economic sanctions making normal Russians even worse off, and even in the case of Putin managing to break the EU, the result will sim

Ukraine was content with its normal corrupt government until the Cock brothers invested 14 billion dollars into destabilizing the country. That wasn't bad enough, but the Cock brothers installed a fascist government.

You do know that the only reason Russia accused the protests in Ukraine of being fascist is to pre-empt the most obvious comparison between Putin and Hitler. Russia has a text-book to-the-letter fascist regime. Even if Ukraine had some neo-fascist parties (as most Eastern European countries do), they don't even register on the radar when it comes to elections. Putin's invasion of Georgia was already frequently invoking comparisons to Hitler's Czechoslovakia. Ukraine would have been to Putin what Austria

Putin sells a lot more oil and wages wars around the world to continue selling oil than all the Koch brothers combined. Oh, there are movies showing people at maidan. I didn't see any skinheads. With so many sources of modern media, the fact that so few purported neonazis were even noticed says that you are way overexposed to a very small pre-selected amount of information. Because the non-skinheads completely dominate and drown out one or two skinheads that some Russian propaganda managed to find (and

Honestly, I really don't get how you can bothered by a few crazies planted into a peaceful demonstration in Ukraine who were spouting xenophobic slogans, but you are ok with the RF government turning RF into a fascist state. Why do you care to hate enemies of RF if its biggest enemies are its own government. They are the ones who have turned the country into a prison again.

It isn't Russia specifically. I see enough malware coming from the US too. The thing that is new here is that the criminals have realized that neither country gives a shit about what happens to people in other countries. Russia isn't going to bother with criminals that don't hurt their own population and they aren't going to let foreign police dick around. This means that by only targeting the population in other countries the criminals know that there won't be an investigation.

Partially true. The real reason for this is also that the best way to get "disappeared" in pretty much all of the former USSR (you think Russia is bad - try Belarus) is to piss off either Putin and his cronies or the local mafia. Often the same thing, of course. Now, imagine if some boss or his arm candy gets hit by this thing; the authors are going to be found and put to death in some public and painful way pretty fast...

You could ask the same question about any large country including the United States. Russia in particular has a bit of the wild west going on and I think the authorities there might turn a blind eye if it negatively impacts rival countries.

The country simply refuses to police themselves, even when things are obviously illegal.

You mean like how in the US we have police straight up murdering black people without repercussions? Or how the NSA blatantly violates the constitution? Or how we imprison people in Cuba indefinitely without any trial? Yeah, Russia has some problems but it's not like our poop lacks odor...

I'd support sanctioning Putin directly to prevent him from entering the EU.

Umm, are you aware that Russia supplies much of the EU with huge amounts of oil and gas that cannot be gotten elsewhere quickly? All Putin has to do is shut off a key pipeline or two (which he has done a few times) and it gets awfully cold really fast in some parts of the EU. Furthermore actions like what you suggest are frankly kind of a juvenile response. Putin might be behind all of it (he isn't) but keeping the head of state of Russia arbitrarily out would accomplish very little and would actually do more harm than good in all likelihood.

Cutting Russia off from the internet to the best of our ability is really the only way to stop the excessive crime from that country.

Brilliant. Let's go back to the Cold War and turn Russia into North Korea 2. Thus ensuring that the many, many decent and civilised Russians who rely on the Internet for objective news get walled-off like generations of poor bastards did behind the iron curtain.

Also, if NATO did precisely fucking nothing effective after the annexation of Crimea and the continuing atrocities in Ukraine and now Syria, do you really think they'll do something like you propose about Android malware?

They are already that, only much more. Whoever was following Russia's activities, taken in response to Ukraine trying to move westwards, could make a very rich picture of their omnidirectional efforts to set this back. And with a chunk of "taken back" pieces of Ukrainian soil, they surpassed North Korea by far.

What should NATO do in a country that is not even a member of that treaty yet? By unlucky chance, abused by Putin in a very lucky manner.

Interestingly, the first link really talks mostly about Linux as a target, the word Android is not on the page. I find this more disturbing than a phone attack... in an "all your base are belong to us" sort of way.

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

1. Get an SMS with a link in it.
2. Click the link.
3. Get redirected to a website (which Chrome doesn't block).
4. Download an APK from that site.
5. Attempt to sideload it.
6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
7. Go disable default security options.
8. Sideload the APK.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

I get what you're saying - but they're not rooting their phone with an APK they got, unsolicited, in an SMS, from a total stranger. They're rooting their phone with an APK they got from a site full of people they have at least some level of trust for.

And that package is code-signed by whom?

Because I'll grant that Cyanogen (or...) deserves some trust. What's missing is the part where some entity verifies that the thing to be installed actually originated from the person(s) that are trusted.

Many of the tools, while they come from regular forum contributors who have built up a reputation for honestly giving owners control over their devices without any dirty tricks attached, are however hosted on some pretty awful ad-malware infested download sites. As long as you can check the GPG signature, you should be fairly safe with the rooting software, but you'd better make sure your browser is up to date and using ad-blocking before you download it.
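The two points raised above, "code-signed by whom?" and "check the signature before you install", separate into authenticity (who signed it) and integrity (has anything been altered since signing). The script below is an added example, not code from the thread or from any rooting project, and covers only the second half for an Android package: it builds a constructed in-memory APK shaped like a v1 (JAR-signed) package, whose `META-INF/MANIFEST.MF` lists a base64 `SHA-256-Digest` for every file, and then recomputes those digests to catch a modified or injected file. The `CERT.RSA` entry is a placeholder: checking that the signing certificate matches the developer you trust is the authenticity half, which this example does not attempt; the toy file contents and names are assumptions.

```python
import base64
import hashlib
import io
import zipfile

# Constructed toy package contents; a real APK has real bytecode and resources here.
SAMPLE_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='example.toy'/>",
    "classes.dex": b"dex\n035\x00toy bytecode",
}


def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_manifest(entries: dict) -> bytes:
    """Produce a JAR-style MANIFEST.MF with one Name/SHA-256-Digest section per file."""
    lines = ["Manifest-Version: 1.0", "Created-By: toy-example", ""]
    for name, data in entries.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {b64_sha256(data)}", ""]
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")


def build_toy_apk(entries: dict, tamper=None, extra=None, signed=True) -> bytes:
    """Zip the entries like a v1-signed APK. `tamper=(name, bytes)` swaps a file's
    content after the manifest was computed; `extra=(name, bytes)` adds a file the
    manifest never listed; signed=False omits META-INF entirely."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if signed:
            z.writestr("META-INF/MANIFEST.MF", build_manifest(entries))
            z.writestr("META-INF/CERT.RSA", b"placeholder: PKCS#7 signature block goes here")
        for name, data in entries.items():
            if tamper and name == tamper[0]:
                data = tamper[1]
            z.writestr(name, data)
        if extra:
            z.writestr(extra[0], extra[1])
    return buf.getvalue()


def parse_manifest(raw: bytes) -> dict:
    """Map entry name -> base64 digest. A line starting with a space continues the
    previous attribute's value (manifests wrap long lines at 72 bytes)."""
    digests, current, last_key = {}, None, None
    for line in raw.decode("utf-8").splitlines():
        if line.startswith(" ") and current:
            if last_key == "name":
                current += line[1:]
            elif last_key == "digest":
                digests[current] += line[1:]
        elif line.startswith("Name: "):
            current, last_key = line[len("Name: "):], "name"
        elif line.startswith("SHA-256-Digest: ") and current:
            digests[current], last_key = line[len("SHA-256-Digest: "):], "digest"
        elif line == "":
            current, last_key = None, None
        else:
            last_key = "other"
    return digests


def verify_apk_digests(apk_bytes: bytes) -> list:
    """Return a list of integrity problems; an empty list means every file
    matches the manifest. This does not establish who signed the package."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        if "META-INF/MANIFEST.MF" not in names:
            return ["no META-INF/MANIFEST.MF: package carries no v1 signature"]
        digests = parse_manifest(z.read("META-INF/MANIFEST.MF"))
        for name in names:
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            if name not in digests:
                problems.append(f"{name}: not covered by manifest")
                continue
            if b64_sha256(z.read(name)) != digests[name]:
                problems.append(f"{name}: digest mismatch")
    return problems


if __name__ == "__main__":
    print("clean:", verify_apk_digests(build_toy_apk(SAMPLE_ENTRIES)))
    print("tampered:", verify_apk_digests(
        build_toy_apk(SAMPLE_ENTRIES, tamper=("classes.dex", b"dex\n035\x00patched"))))
```

A real check chains further: `CERT.SF` carries digests of the manifest sections and `CERT.RSA` carries the signature over `CERT.SF`, so a forger who rewrites the manifest to match injected files still fails unless they hold the signer's key. That is the part to verify against a pinned certificate fingerprint (for example with the SDK's `apksigner verify --print-certs`) before trusting a package from an ad-laden mirror.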

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?
Then, if I understand correctly (based on the summary alone - because, you know, the primary linked article is clearly completely wrong), you'd need to:
1. Get an SMS with a link in it.
2. Click the link.
3. Get redirected to a website (which Chrome doesn't block).
4. Download an APK from that site.
5. Attempt to sideload it.
6. Realise you can't sideload it without disabling default security options (because the second link does indeed say that the user needs to manually install the APK).
7. Go disable default security options.
8. Sideload the APK.
WHO THE FUCK FALLS FOR THIS SHIT?!?!
Seriously? How the hell do people successfully find idiots who will do that kind of thing?

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

For the same reason spam has never gone away, and all those scam calls everybody gets, it's simply a numbers game... a 1-2% success rate can make it worth doing it. So, those people calling from "teh Microsoft Support", or "Rachael from Cardholder Services", or that "you've won a cruise", or that Nigerian prince scam... if they didn't pay off, they'

For the same reason spam has never gone away....it's simply a numbers game.

It is, but I don't think that it's the same numbers game you think it is. My unconfirmed suspicion (because I have no idea how you'd test this theory) is that spam doesn't work. However, it's cheap to send a shitton of it, and there's a fairly low barrier of entry.

Where I suspect spam makes its money is when sleazeballs see spam and, like you, think it's a numbers game. At which point they decide to shell out some money to a spammer to spam something. Who is going to spread the word that they tried spammi

The same people who fall for 419 scams or any other of them. These people are stupid, like your grandma, your mom or your little sister or enough people who are not on /.

Now how many do you need to make this profitable? For all I know, 1 or 2 can be enough to make a profit and that could be the cat playing with the device when the SMS comes in and presses it by accident.

And are you REALLY surprised this happens? Then you must never have worked with security. Perhaps you have programmed security on systems, b

And rooting may be done by a user who finds they need to do it in order to install some APK they found on the web. Perhaps to avoid paying the 99 cents on the Play Store so they downloaded it elsewhere for free.

As for clicking the link to the APK and downloading/installing, it's trivial to do. There are categories of apps you can say the APK does that will get people to ins

Don't forget, you also need to disable Verify Apps, the built-in malware scanner.

WHO THE FUCK FALLS FOR THIS SHIT?!?!

Hardly anyone, actually. Watch for the "State of Android Security" paper that should come out in the next few weeks for more detail, but the fact is that very, very few Android devices have any malware on them. Last year's numbers, IIRC, were on the order of 0.1% of devices, and that's with a pretty broad definition of "malware" ("Potentially Harmful Apps" is the term Google uses).

Firstly, the link in the article above takes you to a site which has nothing at all in it about Android malware. It's completely about Linux malware that's injected via Windows machines. So what the hell is it doing in the article as the primary link?

Seriously? How the hell do people successfully find idiots who will do that kind of thing?

I think you underestimate how easily the random user follows directions claiming to give them access to something they normally don't or shouldn't get (i.e., pirated content, pr0n, free money). Combine with strong restrictions from government, corporate or parental overlords and it's fairly easy to scam people to do all sorts of bad things for a free token (because part of the reaction is "fuck this, I deserve free shit")

It's downmodded because of who posted it. In this instance, I have to say it should be modded up because it's actually useful information (well, 2/3 of it) but, after a tiff with the poster which resulted in me losing a fair bit of karma, I don't have available mod points to correct it; had I not been stabbed in the back, this would not be the case.

Instead, I'll just post (and without the karma modifier that will get my post in front of more eyeballs) to suggest that those with mod points make the correct

Pftbtbt... this isn't real malware because it requires side-loading, and everyone knows that's super dangerous so you should only use the wall^H^H^H^H store. Let's meet over in the next thread so I can tell you about how awesome Android is because you can sideload apps!

Sideloading is both perfectly safe and extremely dangerous at the same time. App I developed myself? Perfectly safe to sideload. Random app off the internet? Dangerous without implicit and properly-placed trust in the developer. App developed by my employer? Well, that depends on the employer and why they want me to install the app, but I'm probably safe there.